On Thursday, August 31, 2017 at 1:00:27 PM UTC-7, pixel fairy wrote:
> You can do it now if you'd like,
> https://wiki.xenproject.org/wiki/Virtual_Machine_Introspection
>
> Here's an example for Windows guests, https://drakvuf.com/
>
> It was discussed on the developers list, but this is high risk code that the
> developers would need to audit.
>
> If you do this, I would recommend passing memory to an analysis VM which only
> has permission to alert you to a problem. This would result in a delay and a
> performance hit, so not the same effect, but safer against any attack crafted
> against this mechanism from taking over your machine. I also hope you're very
> good at writing fast, tight parsers. Go is supposed to be fast and type safe.
> Maybe it would be a good choice here.
>
> On a lighter scale, you can also use firejail within the VM, blacklist some
> stuff, and set a watch on its logfile to alert you. Red Hat based AppVMs can
> also do this with SELinux. Won't catch anything sophisticated enough to
> privilege escalate and stop the alert from happening, but also no danger to
> dom0.
>
> I'm glad VMware did this. For a long time, they only had a tool to dump memory
> snapshots (at least for Fusion). Not a real time running filter like this,
> but still fun.
Should also stress that the code you pass through would go through dom0, so be very careful with it!
